Creating basic security authorizations
To create basic security authorizations, you can use the sample job
HBORACF
, which contains a minimal set of RACF® commands to create security profiles for the Z Common Data Provider
runtime components.
Before you begin
Depending on your requirement, not all the RACF commands
in the HBORACF
job are required. The HBORACF
job has the comments
that explain in what situations the RACF commands are
required. Follow the customization instructions in the job to tailor the job according to your need.
To learn which components are required, see Components of the Z Common Data Provider.
Note: It is highly recommended that your security administrator review the contents of
the job
HBORACF
before running it and make any changes that are needed to be
consistent with your installation's security policies.If your installation uses an external security manager other than RACF, you must provide equivalent commands for your environment.
About this task
HBORACF
job creates the following basic security definitions.- The RACF user and group for the Z Common Data Provider started tasks.
- The started task profiles for the Z Common Data Provider started tasks.
- The specific security authorizations required for each Z Common Data Provider started task.
HBORACF
job contains the RACF commands to create security authorizations for:- collecting SMF records from an SMF log stream or an SMF in-memory resource
- collecting z/OS® system log data from the operation log
(
OPERLOG
)
Note:
- For more information about security required for collecting SMF records, see Authorizing access to SMF data.
- For more information about security required for collecting z/OS system log data, see Authorizing access to z/OS system log.
Procedure
Results
HBORACF
job completes with return code
0000
.